Updated Branches: refs/heads/cisco-vnmc-api-integration 66b01a658 -> deed3cc95
Added support for static NAT rules. - Xmls for creating static nat rules in VNMC - applyStaticNats implementation in VNMC network element - handler for static nat in resource class Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/deed3cc9 Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/deed3cc9 Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/deed3cc9 Branch: refs/heads/cisco-vnmc-api-integration Commit: deed3cc9510fee58a02d4f485e3625335f038a57 Parents: 681f0b7 Author: Koushik Das <[email protected]> Authored: Mon Feb 25 18:03:59 2013 +0530 Committer: Koushik Das <[email protected]> Committed: Mon Feb 25 18:03:59 2013 +0530 ---------------------------------------------------------------------- .../scripts/network/cisco/create-dnat-rule.xml | 77 +----- .../scripts/network/cisco/create-pf-rule.xml | 149 +++++++++ .../cloud/network/cisco/CiscoVnmcConnection.java | 29 ++- .../network/cisco/CiscoVnmcConnectionImpl.java | 250 ++++++++------- .../cloud/network/element/CiscoVnmcElement.java | 62 ++++- .../cloud/network/resource/CiscoVnmcResource.java | 87 +++++- 6 files changed, 443 insertions(+), 211 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/deed3cc9/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml index 8f53003..8193762 100755 --- a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-dnat-rule.xml 
@@ -26,7 +26,7 @@ isRoundRobinIpEnabled="no" srcTranslatedIpPatPool="" srcTranslatedIpPool="%ippoolname%" - srcTranslatedPortPool="%portpoolname%" + srcTranslatedPortPool="" status="created"/> </pair> @@ -62,77 +62,6 @@ value="%srcip%"/> </pair> - <pair key="%natruledn%/rule-cond-3"> - <policyRuleCondition - dn="%natruledn%/rule-cond-3" - id="3" - order="unspecified" - status="created"/> - </pair> - <pair key="%natruledn%/rule-cond-3/nw-expr2/nw-attr-qual"> - <policyNwAttrQualifier - attrEp="source" - dn="%natruledn%/rule-cond-3/nw-expr2/nw-attr-qual" - status="created"/> - </pair> - <pair key="%natruledn%/rule-cond-3/nw-expr2"> - <policyNetworkExpression - dn="%natruledn%/rule-cond-3/nw-expr2" - id="2" - opr="range" - status="created"/> - </pair> - <pair key="%natruledn%/rule-cond-3/nw-expr2/nw-port-2"> - <policyNetworkPort - appType="Other" - dataType="string" - descr="" - dn="%natruledn%/rule-cond-3/nw-expr2/nw-port-2" - id="2" - name="" - placement="begin" - status="created" - value="%srcportstart%"/> - </pair> - <pair key="%natruledn%/rule-cond-3/nw-expr2/nw-port-3"> - <policyNetworkPort - appType="Other" - dataType="string" - descr="" - dn="%natruledn%/rule-cond-3/nw-expr2/nw-port-3" - id="3" - name="" - placement="end" - status="created" - value="%srcportend%"/> - </pair> - - <pair key="%natruledn%/rule-cond-4"> - <policyRuleCondition - dn="%natruledn%/rule-cond-4" - id="4" - order="unspecified" - status="created"/> - </pair> - <pair key="%natruledn%/rule-cond-4/nw-expr2"> - <policyNetworkExpression - dn="%natruledn%/rule-cond-4/nw-expr2" - id="2" - opr="eq" - status="created"/> - </pair> - <pair key="%natruledn%/rule-cond-4/nw-expr2/nw-protocol-2"> - <policyProtocol - dataType="string" - descr="" - dn="%natruledn%/rule-cond-4/nw-expr2/nw-protocol-2" - id="2" - name="" - placement="none" - status="created" - value="%protocolvalue%"/> - </pair> - </inConfigs> </configConfMos> 
@@ -141,9 +70,5 @@ natrulename="bbb" descr=value ippoolname="ccc" - portpoolname="ddd" srcip="10.147.30.230" - srcportstart="22" - srcportend="22" - protocolvalue="TCP" --!> http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/deed3cc9/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml new file mode 100755 index 0000000..8f53003 --- /dev/null +++ b/plugins/network-elements/cisco-vnmc/scripts/network/cisco/create-pf-rule.xml 
@@ -0,0 +1,149 @@ + +<configConfMos + cookie="%cookie%" + inHierarchical="false"> + <inConfigs> + + <pair key="%natruledn%"> + <policyRule + descr="%descr%" + dn="%natruledn%" + name="%natrulename%" + order="100" + status="created"/> + </pair> + + <pair key="%natruledn%/nat-action"> + <natpolicyNatAction + actionType="static" + destTranslatedIpPool="" + destTranslatedPortPool="" + dn="%natruledn%/nat-action" + id="0" + isBidirectionalEnabled="yes" + isDnsEnabled="no" + isNoProxyArpEnabled="no" + isRoundRobinIpEnabled="no" + srcTranslatedIpPatPool="" + srcTranslatedIpPool="%ippoolname%" + srcTranslatedPortPool="%portpoolname%" + status="created"/> + </pair> + + <pair key="%natruledn%/rule-cond-2"> + <policyRuleCondition + dn="%natruledn%/rule-cond-2" + id="2" + order="unspecified" + status="created"/> + </pair> + <pair key="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual"> + <policyNwAttrQualifier + attrEp="source" + dn="%natruledn%/rule-cond-2/nw-expr2/nw-attr-qual" + status="created"/> + </pair> + <pair key="%natruledn%/rule-cond-2/nw-expr2"> + <policyNetworkExpression + dn="%natruledn%/rule-cond-2/nw-expr2" + id="2" + opr="eq" + status="created"/> + </pair> + <pair key="%natruledn%/rule-cond-2/nw-expr2/nw-ip-2"> + <policyIPAddress + dataType="string" + descr="" + dn="%natruledn%/rule-cond-2/nw-expr2/nw-ip-2" + id="2" + name="" + placement="none" + status="created" + value="%srcip%"/> + </pair> + + <pair key="%natruledn%/rule-cond-3"> + <policyRuleCondition + dn="%natruledn%/rule-cond-3" + id="3" + order="unspecified" + status="created"/> + </pair> + <pair key="%natruledn%/rule-cond-3/nw-expr2/nw-attr-qual"> + <policyNwAttrQualifier + attrEp="source" + dn="%natruledn%/rule-cond-3/nw-expr2/nw-attr-qual" + status="created"/> + </pair> + <pair key="%natruledn%/rule-cond-3/nw-expr2"> + <policyNetworkExpression + dn="%natruledn%/rule-cond-3/nw-expr2" + id="2" + opr="range" + status="created"/> + </pair> + <pair key="%natruledn%/rule-cond-3/nw-expr2/nw-port-2"> + 
<policyNetworkPort + appType="Other" + dataType="string" + descr="" + dn="%natruledn%/rule-cond-3/nw-expr2/nw-port-2" + id="2" + name="" + placement="begin" + status="created" + value="%srcportstart%"/> + </pair> + <pair key="%natruledn%/rule-cond-3/nw-expr2/nw-port-3"> + <policyNetworkPort + appType="Other" + dataType="string" + descr="" + dn="%natruledn%/rule-cond-3/nw-expr2/nw-port-3" + id="3" + name="" + placement="end" + status="created" + value="%srcportend%"/> + </pair> + + <pair key="%natruledn%/rule-cond-4"> + <policyRuleCondition + dn="%natruledn%/rule-cond-4" + id="4" + order="unspecified" + status="created"/> + </pair> + <pair key="%natruledn%/rule-cond-4/nw-expr2"> + <policyNetworkExpression + dn="%natruledn%/rule-cond-4/nw-expr2" + id="2" + opr="eq" + status="created"/> + </pair> + <pair key="%natruledn%/rule-cond-4/nw-expr2/nw-protocol-2"> + <policyProtocol + dataType="string" + descr="" + dn="%natruledn%/rule-cond-4/nw-expr2/nw-protocol-2" + id="2" + name="" + placement="none" + status="created" + value="%protocolvalue%"/> + </pair> + + </inConfigs> +</configConfMos> + +<!-- + natruledn="org-root/org-vlan-123/org-VDC-vlan-123/natpol-aaa/rule-bbb" + natrulename="bbb" + descr=value + ippoolname="ccc" + portpoolname="ddd" + srcip="10.147.30.230" + srcportstart="22" + srcportend="22" + protocolvalue="TCP" +--!> http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/deed3cc9/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java index c83e5ce..7140847 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnection.java 
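Review bot: The trailing sample block in the new template closes its comment with `--!>`, which is not a valid XML comment terminator (`-->` is), so if this file is ever parsed as XML instead of being consumed as a plain substitution string the document is malformed; the create-dnat-rule.xml hunk at @@ -141,9 +70,5 @@ keeps the same terminator as context. The file header's blob id 8f53003 is the pre-change id of create-dnat-rule.xml, so this is a verbatim copy of the old DNAT template rather than a purpose-written one, and nothing in it says which placeholders the caller must fill. A one-line header comment would make the contract explicit, e.g. `<!-- Port-forwarding (static PAT) rule template; %natruledn% %natrulename% %descr% %ippoolname% %portpoolname% %srcip% %srcportstart% %srcportend% %protocolvalue% are filled by CiscoVnmcConnectionImpl.createTenantVDCPFRule -->`, and the closing line should read `-->`.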
@@ -64,17 +64,12 @@ public interface CiscoVnmcConnection { public boolean createTenantVDCSourceNatPolicyRef(String tenantName, String identifier) throws ExecutionException; - public boolean createTenantVDCDNatPortPool(String tenantName, String identifier, - String startPort, String endPort) - throws ExecutionException; - public boolean createTenantVDCDNatIpPool(String tenantName, String identifier, String ipAddress) throws ExecutionException; public boolean createTenantVDCDNatRule(String tenantName, String identifier, String policyIdentifier, - String protocol, String sourceIp, - String startSourcePort, String endSourcePort) + String sourceIp) throws ExecutionException; public boolean createTenantVDCDNatPolicy(String tenantName, String identifier) 
@@ -86,6 +81,28 @@ public interface CiscoVnmcConnection { public boolean createTenantVDCDNatPolicyRef(String tenantName, String identifier) throws ExecutionException; + public boolean createTenantVDCPFPortPool(String tenantName, String identifier, + String startPort, String endPort) + throws ExecutionException; + + public boolean createTenantVDCPFIpPool(String tenantName, String identifier, + String ipAddress) throws ExecutionException; + + public boolean createTenantVDCPFRule(String tenantName, + String identifier, String policyIdentifier, + String protocol, String sourceIp, + String startSourcePort, String endSourcePort) + throws ExecutionException; + + public boolean createTenantVDCPFPolicy(String tenantName, String identifier) + throws ExecutionException; + + public boolean deleteTenantVDCPFPolicy(String tenantName, String identifier) + throws ExecutionException; + + public boolean createTenantVDCPFPolicyRef(String tenantName, String identifier) + throws ExecutionException; + public boolean createTenantVDCNatPolicySet(String tenantName) throws ExecutionException; http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/deed3cc9/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java index f21045f..6a2a1f0 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/cisco/CiscoVnmcConnectionImpl.java 
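Review bot: None of the six new `createTenantVDCPF*`/`deleteTenantVDCPFPolicy` declarations carries a Javadoc, and since this commit also drops the `(non-Javadoc)` pointers in the implementation, the distinction between the `DNat` family (which, judging by the port and protocol parameters removed from `createTenantVDCDNatRule` in the hunk at @@ -64,17 +64,12 @@, now models 1:1 static NAT) and the `PF` family (port forwarding) is documented nowhere. The pool methods also have an implicit naming contract with the rule method that the interface is the right place to state, e.g. on `createTenantVDCPFIpPool`: `/** Creates the IP object group a later createTenantVDCPFRule references; identifier must be policyIdentifier + "-" + ruleIdentifier. */`. The redundant `public` modifier on interface members is a style nit that the new lines could drop. The enclosing interface continues outside the hunk.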
@@ -72,6 +72,7 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { CREATE_PORT_POOL("create-port-pool.xml", "policy-mgr"), CREATE_IP_POOL("create-ip-pool.xml", "policy-mgr"), + CREATE_PF_RULE("create-pf-rule.xml", "policy-mgr"), CREATE_DNAT_RULE("create-dnat-rule.xml", "policy-mgr"), CREATE_SOURCE_NAT_RULE("create-source-nat-rule.xml", "policy-mgr"), @@ -416,20 +417,18 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { } private String getNameForSourceNatIpPool(String tenantName) { - return "SNAT-Ip-" + tenantName; + return "SNATIp-" + tenantName; } private String getDnForSourceNatPool(String tenantName) { return getDnForTenantVDC(tenantName) + "/objgrp-" + getNameForSourceNatIpPool(tenantName); } - /* (non-Javadoc) - * @see com.cloud.network.resource.CiscoVnmcConnection#createTenantVDCSourceNatIpPool(java.lang.String, java.lang.String, java.lang.String) - */ @Override public boolean createTenantVDCSourceNatIpPool(String tenantName, String identifier, String publicIp) throws ExecutionException { - return createTenantVDCIpPool(getDnForSourceNatPool(tenantName), + return createTenantVDCIpPool( + getDnForSourceNatPool(tenantName), getNameForSourceNatIpPool(tenantName), "Source NAT ip pool for Tenant VDC " + tenantName, publicIp); 
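Review bot: Renaming the source NAT object group from `"SNAT-Ip-"` to `"SNATIp-"` is not backward compatible: `getDnForSourceNatPool` builds the DN from this name, so a tenant VDC already provisioned under the old name would have its pool looked up, or re-created, under a DN that does not match what exists on the VNMC; the same applies to the `"Port-"`→`"PFPort-"` and `"Ip-"`→`"PFIp-"` renames in the hunk at @@ -702,20 +665,20 @@. If there is no deployed state on this branch that is acceptable, but the constraint deserves a comment on the name helper, e.g. `// The name is embedded in the VNMC DN; changing it orphans pools created under the old name.` The enclosing class continues outside the hunk.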
@@ -451,9 +450,18 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { return getDnForSourceNatPolicy(tenantName) + "/rule-" + getNameForSourceNatRule(tenantName); } - /* (non-Javadoc) - * @see com.cloud.network.resource.CiscoVnmcConnection#createTenantVDCSourceNatRule(java.lang.String, java.lang.String, java.lang.String) - */ + private String getNameForNatPolicySet(String tenantName) { + return "NAT-PolicySet-" + tenantName; + } + + private String getDnForNatPolicySet(String tenantName) { + return getDnForTenantVDC(tenantName) + "/natpset-" + getNameForNatPolicySet(tenantName) ; + } + + private String getDnForSourceNatPolicyRef(String tenantName) { + return getDnForNatPolicySet(tenantName) + "/polref-" + getNameForSourceNatPolicy(tenantName) ; + } + @Override public boolean createTenantVDCSourceNatRule(String tenantName, String identifier, String startSourceIp, String endSourceIp) throws ExecutionException { @@ -473,21 +481,6 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { return verifySuccess(response); } - private String getNameForNatPolicySet(String tenantName) { - return "NAT-PolicySet-" + tenantName; - } - - private String getDnForNatPolicySet(String tenantName) { - return getDnForTenantVDC(tenantName) + "/natpset-" + getNameForNatPolicySet(tenantName) ; - } - - private String getDnForSourceNatPolicyRef(String tenantName) { - return getDnForNatPolicySet(tenantName) + "/polref-" + getNameForSourceNatPolicy(tenantName) ; - } - - /* (non-Javadoc) - * @see com.cloud.network.resource.CiscoVnmcConnection#createTenantVDCSourceNatPolicyRef(java.lang.String, java.lang.String) - */ @Override public boolean createTenantVDCSourceNatPolicyRef(String tenantName, String identifier) throws ExecutionException { return createTenantVDCNatPolicyRef( 
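Review bot: The relocated `getDnForNatPolicySet` and `getDnForSourceNatPolicyRef` keep a stray space before the semicolon (`getNameForNatPolicySet(tenantName) ;`); since the lines are being moved anyway, tidy them to `return getDnForTenantVDC(tenantName) + "/natpset-" + getNameForNatPolicySet(tenantName);` and `return getDnForNatPolicySet(tenantName) + "/polref-" + getNameForSourceNatPolicy(tenantName);`. The three helpers also lack a one-line comment saying they assemble VNMC distinguished names, which the `natpset-`/`polref-` prefixes do not make obvious to a reader unfamiliar with the device's object model.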
@@ -496,9 +489,6 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { tenantName); } - /* (non-Javadoc) - * @see com.cloud.network.resource.CiscoVnmcConnection#createTenantVDCSourceNatPolicy(java.lang.String, java.lang.String) - */ @Override public boolean createTenantVDCSourceNatPolicy(String tenantName, String identifier) throws ExecutionException { return createTenantVDCNatPolicy( @@ -506,9 +496,6 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { getNameForSourceNatPolicy(tenantName)); } - /* (non-Javadoc) - * @see com.cloud.network.resource.CiscoVnmcConnection#createTenantVDCNatPolicySet(java.lang.String) - */ @Override public boolean createTenantVDCNatPolicySet(String tenantName) throws ExecutionException { String xml = VnmcXml.CREATE_NAT_POLICY_SET.getXml(); @@ -523,9 +510,6 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { return verifySuccess(response); } - /* (non-Javadoc) - * @see com.cloud.network.resource.CiscoVnmcConnection#associateNatPolicySet(java.lang.String) - */ @Override public boolean associateNatPolicySet(String tenantName) throws ExecutionException { String xml = VnmcXml.RESOLVE_NAT_POLICY_SET.getXml(); @@ -571,9 +555,6 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { return getDnForAclPolicy(tenantName, policyIdentifier) + "/rule-" + getNameForAclRule(tenantName, identifier); } - /* (non-Javadoc) - * @see com.cloud.network.resource.CiscoVnmcConnection#createTenantVDCAclPolicy(java.lang.String, java.lang.String, boolean) - */ @Override public boolean createTenantVDCAclPolicy(String tenantName, String identifier, boolean ingress) throws ExecutionException { String xml = VnmcXml.CREATE_ACL_POLICY.getXml(); 
@@ -588,9 +569,6 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { return verifySuccess(response); } - /* (non-Javadoc) - * @see com.cloud.network.resource.CiscoVnmcConnection#deleteTenantVDCAclPolicy(java.lang.String, java.lang.String) - */ @Override public boolean deleteTenantVDCAclPolicy(String tenantName, String identifier) throws ExecutionException { String xml = VnmcXml.DELETE_ACL_POLICY.getXml(); @@ -604,9 +582,6 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { return verifySuccess(response); } - /* (non-Javadoc) - * @see com.cloud.network.resource.CiscoVnmcConnection#createTenantVDCAclPolicyRef(java.lang.String, java.lang.String, boolean) - */ @Override public boolean createTenantVDCAclPolicyRef(String tenantName, String identifier, boolean ingress) throws ExecutionException { String xml = VnmcXml.CREATE_ACL_POLICY_REF.getXml(); @@ -621,9 +596,6 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { return verifySuccess(response); } - /* (non-Javadoc) - * @see com.cloud.network.resource.CiscoVnmcConnection#createTenantVDCAclPolicySet(java.lang.String, boolean) - */ @Override public boolean createTenantVDCAclPolicySet(String tenantName, boolean ingress) throws ExecutionException { String xml = VnmcXml.CREATE_ACL_POLICY_SET.getXml(); @@ -638,9 +610,6 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { return verifySuccess(response); } - /* (non-Javadoc) - * @see com.cloud.network.resource.CiscoVnmcConnection#associateAclPolicySet(java.lang.String) - */ @Override public boolean associateAclPolicySet(String tenantName) throws ExecutionException { String xml = VnmcXml.RESOLVE_ACL_POLICY_SET.getXml(); 
@@ -659,9 +628,6 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { return verifySuccess(response); } - /* (non-Javadoc) - * @see com.cloud.network.resource.CiscoVnmcConnection#createIngressAclRule(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String) - */ @Override public boolean createIngressAclRule(String tenantName, String identifier, String policyIdentifier, @@ -686,9 +652,6 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { return verifySuccess(response); } - /* (non-Javadoc) - * @see com.cloud.network.resource.CiscoVnmcConnection#deleteAclRule(java.lang.String, java.lang.String, java.lang.String) - */ @Override public boolean deleteAclRule(String tenantName, String identifier, String policyIdentifier) throws ExecutionException { String xml = VnmcXml.DELETE_ACL_RULE.getXml(); 
@@ -702,20 +665,20 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { return verifySuccess(response); } - private String getNameForDNatPortPool(String tenantName, String identifier) { - return "Port-" + tenantName + "-" + identifier; + private String getNameForPFPortPool(String tenantName, String identifier) { + return "PFPort-" + tenantName + "-" + identifier; } - private String getDnForDNatPortPool(String tenantName, String identifier) { - return getDnForTenantVDC(tenantName) + "/objgrp-" + getNameForDNatPortPool(tenantName, identifier); + private String getDnForPFPortPool(String tenantName, String identifier) { + return getDnForTenantVDC(tenantName) + "/objgrp-" + getNameForPFPortPool(tenantName, identifier); } - private String getNameForDNatIpPool(String tenantName, String identifier) { - return "Ip-" + tenantName + "-" + identifier; + private String getNameForPFIpPool(String tenantName, String identifier) { + return "PFIp-" + tenantName + "-" + identifier; } - private String getDnForDNatIpPool(String tenantName, String identifier) { - return getDnForTenantVDC(tenantName) + "/objgrp-" + getNameForDNatIpPool(tenantName, identifier); + private String getDnForPFIpPool(String tenantName, String identifier) { + return getDnForTenantVDC(tenantName) + "/objgrp-" + getNameForPFIpPool(tenantName, identifier); } private boolean createTenantVDCPortPool(String poolDn, String name, 
@@ -811,68 +774,109 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { } return result; - } - /* (non-Javadoc) - * @see com.cloud.network.resource.CiscoVnmcConnection#createTenantVDCDNatPortPool(java.lang.String, java.lang.String, java.lang.String, java.lang.String) - */ @Override - public boolean createTenantVDCDNatPortPool(String tenantName, String identifier, + public boolean createTenantVDCPFPortPool(String tenantName, String identifier, String startPort, String endPort) throws ExecutionException { return createTenantVDCPortPool( - getDnForDNatPortPool(tenantName, identifier), getNameForDNatPortPool(tenantName, identifier), - "DNAT port pool for " + getNameForDNatPortPool(tenantName, identifier), startPort, endPort); + getDnForPFPortPool(tenantName, identifier), + getNameForPFPortPool(tenantName, identifier), + "PF port pool for " + getNameForPFPortPool(tenantName, identifier), + startPort, endPort); } - /* (non-Javadoc) - * @see com.cloud.network.resource.CiscoVnmcConnection#createTenantVDCDNatIpPool(java.lang.String, java.lang.String, java.lang.String) - */ + @Override - public boolean createTenantVDCDNatIpPool(String tenantName, String identifier, + public boolean createTenantVDCPFIpPool(String tenantName, String identifier, String ipAddress) throws ExecutionException { return createTenantVDCIpPool( - getDnForDNatIpPool(tenantName, identifier), getNameForDNatIpPool(tenantName, identifier), - "DNAT ip pool for " + getNameForDNatIpPool(tenantName, identifier), ipAddress); + getDnForPFIpPool(tenantName, identifier), + getNameForPFIpPool(tenantName, identifier), + "PF ip pool for " + getNameForPFIpPool(tenantName, identifier), + ipAddress); } - private String getNameForDNatPolicy(String tenantName, String identifier) { - return "DNAT-" + tenantName + "-" + identifier; + private String getNameForPFPolicy(String tenantName, String identifier) { + return "PF-" + tenantName + "-" + identifier; } - private String getDnForDNatPolicy(String 
tenantName, String identifier) { - return getDnForTenantVDC(tenantName) + "/natpol-" + getNameForDNatPolicy(tenantName, identifier); + private String getDnForPFPolicy(String tenantName, String identifier) { + return getDnForTenantVDC(tenantName) + "/natpol-" + getNameForPFPolicy(tenantName, identifier); } - private String getDnForDNatPolicyRef(String tenantName, String identifier) { - return getDnForNatPolicySet(tenantName) + "/polref-" + getNameForDNatPolicy(tenantName, identifier); + private String getDnForPFPolicyRef(String tenantName, String identifier) { + return getDnForNatPolicySet(tenantName) + "/polref-" + getNameForPFPolicy(tenantName, identifier); } - /* (non-Javadoc) - * @see com.cloud.network.resource.CiscoVnmcConnection#createTenantVDCDNatPolicyRef(java.lang.String, java.lang.String) - */ - public boolean createTenantVDCDNatPolicyRef(String tenantName, String identifier) throws ExecutionException { + private String getNameForPFRule(String tenantName, String identifier) { + return "Rule-" + tenantName + "-" + identifier; + } + + private String getDnForPFRule(String tenantName, String identifier, String policyIdentifier) { + return getDnForPFPolicy(tenantName, policyIdentifier) + "/rule-" + getNameForPFRule(tenantName, identifier); + } + + @Override + public boolean createTenantVDCPFRule(String tenantName, + String identifier, String policyIdentifier, + String protocol, String sourceIp, + String startSourcePort, String endSourcePort) throws ExecutionException { + String xml = VnmcXml.CREATE_PF_RULE.getXml(); + String service = VnmcXml.CREATE_PF_RULE.getService(); + xml = replaceXmlValue(xml, "cookie", _cookie); + xml = replaceXmlValue(xml, "natruledn", getDnForPFRule(tenantName, identifier, policyIdentifier)); + xml = replaceXmlValue(xml, "natrulename", getNameForPFRule(tenantName, identifier)); + xml = replaceXmlValue(xml, "descr", "PF rule for Tenant VDC " + tenantName); + xml = replaceXmlValue(xml, "ippoolname", getNameForPFIpPool(tenantName, 
policyIdentifier + "-" + identifier)); + xml = replaceXmlValue(xml, "portpoolname", getNameForPFPortPool(tenantName, policyIdentifier + "-" + identifier)); + xml = replaceXmlValue(xml, "srcip", sourceIp); + xml = replaceXmlValue(xml, "srcportstart", startSourcePort); + xml = replaceXmlValue(xml, "srcportend", endSourcePort); + xml = replaceXmlValue(xml, "protocolvalue", protocol); + + String response = sendRequest(service, xml); + + return verifySuccess(response); + } + + @Override + public boolean createTenantVDCPFPolicyRef(String tenantName, String identifier) throws ExecutionException { return createTenantVDCNatPolicyRef( - getDnForDNatPolicyRef(tenantName, identifier), - getNameForDNatPolicy(tenantName, identifier), + getDnForPFPolicyRef(tenantName, identifier), + getNameForPFPolicy(tenantName, identifier), tenantName); } - /* (non-Javadoc) - * @see com.cloud.network.resource.CiscoVnmcConnection#createTenantVDCDNatPolicy(java.lang.String, java.lang.String) - */ - public boolean createTenantVDCDNatPolicy(String tenantName, String identifier) throws ExecutionException { + @Override + public boolean createTenantVDCPFPolicy(String tenantName, String identifier) throws ExecutionException { return createTenantVDCNatPolicy( - getDnForDNatPolicy(tenantName, identifier), - getNameForDNatPolicy(tenantName, identifier)); + getDnForPFPolicy(tenantName, identifier), + getNameForPFPolicy(tenantName, identifier)); } - /* (non-Javadoc) - * @see com.cloud.network.resource.CiscoVnmcConnection#deleteTenantVDCDNatPolicy(java.lang.String, java.lang.String) - */ - public boolean deleteTenantVDCDNatPolicy(String tenantName, String identifier) throws ExecutionException { + @Override + public boolean deleteTenantVDCPFPolicy(String tenantName, String identifier) throws ExecutionException { return deleteTenantVDCNatPolicy( - getDnForDNatPolicy(tenantName, identifier), - getNameForDNatPolicy(tenantName, identifier)); + getDnForPFPolicy(tenantName, identifier), + 
getNameForPFPolicy(tenantName, identifier)); + } + + private String getNameForDNatIpPool(String tenantName, String identifier) { + return "DNATIp-" + tenantName + "-" + identifier; + } + + private String getDnForDNatIpPool(String tenantName, String identifier) { + return getDnForTenantVDC(tenantName) + "/objgrp-" + getNameForDNatIpPool(tenantName, identifier); + } + + @Override + public boolean createTenantVDCDNatIpPool(String tenantName, + String identifier, String ipAddress) throws ExecutionException { + return createTenantVDCIpPool( + getDnForDNatIpPool(tenantName, identifier), + getNameForDNatIpPool(tenantName, identifier), + "DNAT ip pool for " + getNameForDNatIpPool(tenantName, identifier), + ipAddress); } private String getNameForDNatRule(String tenantName, String identifier) { 
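Review bot: `createTenantVDCPFRule` derives the IP- and port-pool names from `policyIdentifier + "-" + identifier`, but `createTenantVDCPFIpPool` and `createTenantVDCPFPortPool` accept whatever `identifier` the caller passes, so nothing in this class guarantees that the pools the rule references exist; the same implicit convention is in `createTenantVDCDNatRule` in the hunk at @@ -897,17 +910,38 @@. Either document it on the pool methods, e.g. `/** identifier must be policyIdentifier + "-" + ruleIdentifier so that createTenantVDCPFRule can locate this pool. */`, or add one private helper that builds the composite and have both sides call it. `protocol`, `sourceIp`, `startSourcePort` and `endSourcePort` are spliced into XML attributes via `replaceXmlValue`, whose body is outside this hunk; if it is plain string substitution, validating each value as an IP address, port number or protocol token at this boundary keeps a malformed value from altering the request sent to the VNMC. As rendered, the hunk also removes the `}` after `return result;` without an added counterpart, which looks like a mail-rendering artifact but is worth confirming against the compiled file.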
@@ -883,13 +887,22 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { return getDnForDNatPolicy(tenantName, policyIdentifier) + "/rule-" + getNameForDNatRule(tenantName, identifier); } - /* (non-Javadoc) - * @see com.cloud.network.resource.CiscoVnmcConnection#createTenantVDCDNatRule(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String) - */ + private String getNameForDNatPolicy(String tenantName, String identifier) { + return "DNAT-" + tenantName + "-" + identifier; + } + + private String getDnForDNatPolicy(String tenantName, String identifier) { + return getDnForTenantVDC(tenantName) + "/natpol-" + getNameForDNatPolicy(tenantName, identifier); + } + + private String getDnForDNatPolicyRef(String tenantName, String identifier) { + return getDnForNatPolicySet(tenantName) + "/polref-" + getNameForDNatPolicy(tenantName, identifier); + } + + @Override public boolean createTenantVDCDNatRule(String tenantName, - String identifier, String policyIdentifier, - String protocol, String sourceIp, - String startSourcePort, String endSourcePort) throws ExecutionException { + String identifier, String policyIdentifier, String sourceIp) + throws ExecutionException { String xml = VnmcXml.CREATE_DNAT_RULE.getXml(); String service = VnmcXml.CREATE_DNAT_RULE.getService(); xml = replaceXmlValue(xml, "cookie", _cookie); 
@@ -897,17 +910,38 @@ public class CiscoVnmcConnectionImpl implements CiscoVnmcConnection { xml = replaceXmlValue(xml, "natrulename", getNameForDNatRule(tenantName, identifier)); xml = replaceXmlValue(xml, "descr", "DNAT rule for Tenant VDC " + tenantName); xml = replaceXmlValue(xml, "ippoolname", getNameForDNatIpPool(tenantName, policyIdentifier + "-" + identifier)); - xml = replaceXmlValue(xml, "portpoolname", getNameForDNatPortPool(tenantName, policyIdentifier + "-" + identifier)); xml = replaceXmlValue(xml, "srcip", sourceIp); - xml = replaceXmlValue(xml, "srcportstart", startSourcePort); - xml = replaceXmlValue(xml, "srcportend", endSourcePort); - xml = replaceXmlValue(xml, "protocolvalue", protocol); String response = sendRequest(service, xml); return verifySuccess(response); } + @Override + public boolean createTenantVDCDNatPolicyRef(String tenantName, + String identifier) throws ExecutionException { + return createTenantVDCNatPolicyRef( + getDnForDNatPolicyRef(tenantName, identifier), + getNameForDNatPolicy(tenantName, identifier), + tenantName); + } + + @Override + public boolean createTenantVDCDNatPolicy(String tenantName, + String identifier) throws ExecutionException { + return createTenantVDCNatPolicy( + getDnForDNatPolicy(tenantName, identifier), + getNameForDNatPolicy(tenantName, identifier)); + } + + @Override + public boolean deleteTenantVDCDNatPolicy(String tenantName, + String identifier) throws ExecutionException { + return deleteTenantVDCNatPolicy( + getDnForDNatPolicy(tenantName, identifier), + getNameForDNatPolicy(tenantName, identifier)); + } + private String getNameForEdgeFirewall(String tenantName) { return "ASA-1000v-" + tenantName; } http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/deed3cc9/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java ---------------------------------------------------------------------- 
diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java index b024a32..9639d5b 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/element/CiscoVnmcElement.java @@ -41,9 +41,11 @@ import com.cloud.agent.api.routing.NetworkElementCommand; import com.cloud.agent.api.routing.SetFirewallRulesCommand; import com.cloud.agent.api.routing.SetPortForwardingRulesCommand; import com.cloud.agent.api.routing.SetSourceNatCommand; +import com.cloud.agent.api.routing.SetStaticNatRulesCommand; import com.cloud.agent.api.to.FirewallRuleTO; import com.cloud.agent.api.to.IpAddressTO; import com.cloud.agent.api.to.PortForwardingRuleTO; +import com.cloud.agent.api.to.StaticNatRuleTO; import com.cloud.api.commands.AddCiscoAsa1000vResourceCmd; import com.cloud.api.commands.AddCiscoVnmcResourceCmd; import com.cloud.api.commands.DeleteCiscoAsa1000vResourceCmd; @@ -56,7 +58,6 @@ import com.cloud.configuration.ConfigurationManager; import com.cloud.dc.ClusterVO; import com.cloud.dc.ClusterVSMMapVO; import com.cloud.dc.DataCenter; -import com.cloud.dc.DataCenterVO; import com.cloud.dc.Vlan; import com.cloud.dc.DataCenter.NetworkType; import com.cloud.dc.dao.ClusterDao; 
@@ -612,8 +613,8 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro public boolean applyPFRules(Network network, List<PortForwardingRule> rules) throws ResourceUnavailableException { - if (!_networkMgr.isProviderSupportServiceInNetwork(network.getId(), Service.Firewall, Provider.CiscoVnmc)) { - s_logger.error("Firewall service is not provided by Cisco Vnmc device on network " + network.getName()); + if (!_networkMgr.isProviderSupportServiceInNetwork(network.getId(), Service.PortForwarding, Provider.CiscoVnmc)) { + s_logger.error("Port forwarding service is not provided by Cisco Vnmc device on network " + network.getName()); return false; } @@ -632,7 +633,7 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro } if (network.getState() == Network.State.Allocated) { - s_logger.debug("External firewall was asked to apply firewall rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands."); + s_logger.debug("External firewall was asked to apply port forwarding rules for network with ID " + network.getId() + "; this network is not implemented. Skipping backend commands."); return true; } 
@@ -664,11 +665,58 @@ public class CiscoVnmcElement extends AdapterBase implements SourceNatServicePro } @Override - public boolean applyStaticNats(Network config, + public boolean applyStaticNats(Network network, List<? extends StaticNat> rules) throws ResourceUnavailableException { - // TODO Auto-generated method stub - return false; + if (!_networkMgr.isProviderSupportServiceInNetwork(network.getId(), Service.StaticNat, Provider.CiscoVnmc)) { + s_logger.error("Static NAT service is not provided by Cisco Vnmc device on network " + network.getName()); + return false; + } + + // Find VNMC host for physical network + List<CiscoVnmcControllerVO> devices = _ciscoVnmcDao.listByPhysicalNetwork(network.getPhysicalNetworkId()); + if (devices.isEmpty()) { + s_logger.error("No Cisco Vnmc device on network " + network.getName()); + return true; + } + + // Find if ASA 1000v is associated with network + NetworkAsa1000vMapVO asaForNetwork = _networkAsa1000vMapDao.findByNetworkId(network.getId()); + if (asaForNetwork == null) { + s_logger.debug("Cisco ASA 1000v device is not associated with network " + network.getName()); + return true; + } + + if (network.getState() == Network.State.Allocated) { + s_logger.debug("External firewall was asked to apply static NAT rules for network with ID " + network.getId() + "; this network is not implemented. 
Skipping backend commands."); + return true; + } + + CiscoVnmcControllerVO ciscoVnmcDevice = devices.get(0); + HostVO ciscoVnmcHost = _hostDao.findById(ciscoVnmcDevice.getHostId()); + + List<StaticNatRuleTO> rulesTO = new ArrayList<StaticNatRuleTO>(); + for (StaticNat rule : rules) { + IpAddress sourceIp = _networkMgr.getIp(rule.getSourceIpAddressId()); + StaticNatRuleTO ruleTO = new StaticNatRuleTO(0, sourceIp.getAddress().addr(), null, + null, rule.getDestIpAddress(), null, null, null, rule.isForRevoke(), false); + rulesTO.add(ruleTO); + } + + if (!rulesTO.isEmpty()) { + SetStaticNatRulesCommand cmd = new SetStaticNatRulesCommand(rulesTO, null); + cmd.setContextParam(NetworkElementCommand.GUEST_VLAN_TAG, network.getBroadcastUri().getHost()); + cmd.setContextParam(NetworkElementCommand.GUEST_NETWORK_CIDR, network.getCidr()); + Answer answer = _agentMgr.easySend(ciscoVnmcHost.getId(), cmd); + if (answer == null || !answer.getResult()) { + String details = (answer != null) ? answer.getDetails() : "details unavailable"; + String msg = "Unable to apply static NAT rules to Cisco ASA 1000v appliance due to: " + details + "."; + s_logger.error(msg); + throw new ResourceUnavailableException(msg, DataCenter.class, network.getDataCenterId()); + } + } + + return true; } @Override http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/deed3cc9/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java index 63911de..3ab6626 100644 --- a/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java +++ b/plugins/network-elements/cisco-vnmc/src/com/cloud/network/resource/CiscoVnmcResource.java 
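Review bot: The `devices.isEmpty()` branch logs an error but returns true, so the caller records the static NAT rules — revocations included — as applied although no command reached the appliance; the `asaForNetwork == null` branch reports success the same way. Returning false there (or throwing ResourceUnavailableException as the failed-send path already does) keeps the management server's view of the NAT state in step with the device; if this mirrors the other apply* methods in the class, the inconsistency is shared with them. Every StaticNatRuleTO is built with id `0`, while the resource-side handler derives VNMC pool and rule names from `rule.getId()`, so a real per-rule identifier should be passed if the StaticNat interface exposes one (not visible in this hunk). `_networkMgr.getIp(rule.getSourceIpAddressId())` and `network.getBroadcastUri()` are dereferenced without null checks; a guard such as `if (sourceIp == null) { s_logger.error("No IP address found for static NAT rule on network " + network.getName()); return false; }` before `sourceIp.getAddress()` would turn a stale address id into a reported failure instead of an NPE.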
@@ -49,6 +49,7 @@ import com.cloud.agent.api.routing.SetSourceNatCommand;
 import com.cloud.agent.api.routing.SetStaticNatRulesCommand;
 import com.cloud.agent.api.to.FirewallRuleTO;
 import com.cloud.agent.api.to.PortForwardingRuleTO;
+import com.cloud.agent.api.to.StaticNatRuleTO;
 import com.cloud.host.Host;
 import com.cloud.network.cisco.CiscoVnmcConnectionImpl;
 import com.cloud.resource.ServerResource;
@@ -259,7 +260,7 @@ public class CiscoVnmcResource implements ServerResource{
         return execute(cmd, _numRetries);
     }
 
-    private Answer execute(IpAssocCommand cmd, int numRetries) {
+    private Answer execute(IpAssocCommand cmd, int numRetries) {
         String[] results = new String[cmd.getIpAddresses().length];
         return new IpAssocAnswer(cmd, results);
     }
@@ -402,7 +403,65 @@ public class CiscoVnmcResource implements ServerResource{ } private Answer execute(SetStaticNatRulesCommand cmd, int numRetries) { - return new Answer(cmd); + String vlanId = cmd.getContextParam(NetworkElementCommand.GUEST_VLAN_TAG); + String tenant = "vlan-" + vlanId; + + StaticNatRuleTO[] rules = cmd.getRules(); + Map<String, List<StaticNatRuleTO>> publicIpRulesMap = new HashMap<String, List<StaticNatRuleTO>>(); + for (StaticNatRuleTO rule : rules) { + String publicIp = rule.getSrcIp(); + if (!publicIpRulesMap.containsKey(publicIp)) { + List<StaticNatRuleTO> publicIpRulesList = new ArrayList<StaticNatRuleTO>(); + publicIpRulesMap.put(publicIp, publicIpRulesList); + } + publicIpRulesMap.get(publicIp).add(rule); + } + + try { + if (!_connection.createTenantVDCNatPolicySet(tenant)) { + throw new Exception("Failed to create NAT policy set in VNMC for guest network with vlan " + vlanId); + } + + for (String publicIp : publicIpRulesMap.keySet()) { + String policyIdentifier = publicIp.replace('.', '-'); + + if (!_connection.deleteTenantVDCDNatPolicy(tenant, policyIdentifier)) { + throw new Exception("Failed to delete ACL ingress policy in VNMC for guest network with vlan " + vlanId); + } + + if (!_connection.createTenantVDCDNatPolicy(tenant, policyIdentifier)) { + throw new Exception("Failed to create DNAT policy in VNMC for guest network with vlan " + vlanId); + } + if (!_connection.createTenantVDCDNatPolicyRef(tenant, policyIdentifier)) { + throw new Exception("Failed to associate DNAT policy with NAT policy set in VNMC for guest network with vlan " + vlanId); + } + + for (StaticNatRuleTO rule : publicIpRulesMap.get(publicIp)) { + if (rule.revoked()) { + //_connection.deleteDNatRule(tenant, Long.toString(rule.getId()), publicIp); + } else { + if (!_connection.createTenantVDCDNatIpPool(tenant, policyIdentifier + "-" + rule.getId(), rule.getDstIp())) { + throw new Exception("Failed to create DNAT ip pool in VNMC for guest network with vlan " + 
vlanId); + } + + if (!_connection.createTenantVDCDNatRule(tenant, + Long.toString(rule.getId()), policyIdentifier, rule.getSrcIp())) { + throw new Exception("Failed to create DNAT rule in VNMC for guest network with vlan " + vlanId); + } + } + } + } + + if (!_connection.associateNatPolicySet(tenant)) { + throw new Exception("Failed to associate source NAT policy set with edge security profile in VNMC for guest network with vlan " + vlanId); + } + } catch (Throwable e) { + String msg = "SetSourceNatCommand failed due to " + e.getMessage(); + s_logger.error(msg, e); + return new Answer(cmd, false, msg); + } + + return new Answer(cmd, true, "Success"); } /* 
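Review bot: A revoked rule is a no-op in the inner loop — the `deleteDNatRule` call is commented out — yet the handler still returns `new Answer(cmd, true, "Success")`, so the management server treats a disabled static NAT as removed while the DNAT ip pool and the policy reference for that public IP are (re)created unconditionally above it; the per-IP delete/recreate of the policy may incidentally drop the rule itself, but nothing in this hunk guarantees that. Until deletion is implemented the revoke branch should fail, or at least warn, rather than report success, e.g. `throw new Exception("Static NAT revoke is not implemented in VNMC for public IP " + publicIp);`. The diagnostics are copied from the source NAT and PF handlers: `"SetSourceNatCommand failed due to "` should name SetStaticNatRulesCommand, `"Failed to delete ACL ingress policy"` describes a DNAT policy delete, and `"Failed to associate source NAT policy set"` is emitted from the static NAT path, which will mislead whoever reads the logs during an incident. `cmd.getRules()` is iterated without a null check, and `catch (Throwable e)` also converts Errors into a failed Answer; catching Exception is sufficient here.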
@@ -436,35 +495,35 @@ public class CiscoVnmcResource implements ServerResource{ for (String publicIp : publicIpRulesMap.keySet()) { String policyIdentifier = publicIp.replace('.', '-'); - if (!_connection.deleteTenantVDCDNatPolicy(tenant, policyIdentifier)) { + if (!_connection.deleteTenantVDCPFPolicy(tenant, policyIdentifier)) { throw new Exception("Failed to delete ACL ingress policy in VNMC for guest network with vlan " + vlanId); } - if (!_connection.createTenantVDCDNatPolicy(tenant, policyIdentifier)) { - throw new Exception("Failed to create DNAT policy in VNMC for guest network with vlan " + vlanId); + if (!_connection.createTenantVDCPFPolicy(tenant, policyIdentifier)) { + throw new Exception("Failed to create PF policy in VNMC for guest network with vlan " + vlanId); } - if (!_connection.createTenantVDCDNatPolicyRef(tenant, policyIdentifier)) { - throw new Exception("Failed to associate DNAT policy with NAT policy set in VNMC for guest network with vlan " + vlanId); + if (!_connection.createTenantVDCPFPolicyRef(tenant, policyIdentifier)) { + throw new Exception("Failed to associate PF policy with NAT policy set in VNMC for guest network with vlan " + vlanId); } for (PortForwardingRuleTO rule : publicIpRulesMap.get(publicIp)) { if (rule.revoked()) { - //_connection.deleteDNatRule(tenant, Long.toString(rule.getId()), publicIp); + //_connection.deletePFRule(tenant, Long.toString(rule.getId()), publicIp); } else { - if (!_connection.createTenantVDCDNatIpPool(tenant, policyIdentifier + "-" + rule.getId(), rule.getDstIp())) { - throw new Exception("Failed to create DNAT ip pool in VNMC for guest network with vlan " + vlanId); + if (!_connection.createTenantVDCPFIpPool(tenant, policyIdentifier + "-" + rule.getId(), rule.getDstIp())) { + throw new Exception("Failed to create PF ip pool in VNMC for guest network with vlan " + vlanId); } - if (!_connection.createTenantVDCDNatPortPool(tenant, policyIdentifier + "-" + rule.getId(), + if 
(!_connection.createTenantVDCPFPortPool(tenant, policyIdentifier + "-" + rule.getId(), Integer.toString(rule.getDstPortRange()[0]), Integer.toString(rule.getDstPortRange()[1]))) { - throw new Exception("Failed to create DNAT port pool in VNMC for guest network with vlan " + vlanId); + throw new Exception("Failed to create PF port pool in VNMC for guest network with vlan " + vlanId); } - if (!_connection.createTenantVDCDNatRule(tenant, + if (!_connection.createTenantVDCPFRule(tenant, Long.toString(rule.getId()), policyIdentifier, rule.getProtocol().toUpperCase(), rule.getSrcIp(), Integer.toString(rule.getSrcPortRange()[0]), Integer.toString(rule.getSrcPortRange()[1]))) { - throw new Exception("Failed to create DNAT rule in VNMC for guest network with vlan " + vlanId); + throw new Exception("Failed to create PF rule in VNMC for guest network with vlan " + vlanId); } } }
